Connect with us

Technology

Wars: From Weapons to Cyberattacks

Alexandra Goman

Published

on

Historically war focused on public contests which involve arms, e.g. Gentili’s concept of war. The main goal of such contests is to inflict damage to soldiers of an opposing side. Through this lens, cyberwar may be seen as a contest which perhaps involves certain arms. But it should be noted that these contests are very seldom public, mostly due to attribution problem. Even more, cyberattacks do not kill or wound soldiers; instead they aim to disrupt a property. It is, however, somewhat debatable, because such disruption of a system (like meddling with the nuclear facilities of Iran) may have an effect on both, civilians and combatants in a longer run. However, these secondary consequences are not the primary goal of a cyberattack, thus, there should be a difference between a cyberwar and a war.

The element of war being public is very important, as war is always openly declared. Additionally, an opposing side is given a chance to respond to the enemy by whatever means it deems necessary. In the context of cyberwar, this is more complicated. In case of cyberattacks, it is very difficult to determine the source and the initial attacker (more precisely, an attribution problem which is to be addressed further). Moreover, many attackers prefer to remain silent. This argument is further exacerbated by the lack of evidence. At this date the best example of cyber warfare, going somewhat public, is Stuxnet – not attributed to and officially admitted.

In the end, the attack became public but it was hidden for a year before its discovery. The specialists did notice the Iranian centrifuges malfunctioning[1] but they failed to identify the source of problems. This cyberattack was new because it did not hijack a computer or extort money; it was specifically designed to sabotage an industrial facility, uranium enrichment plant in Natanz.

However, attribution still falls behind. U.S and Israel are believed to launch Stuxnet, however they denied their involvement. Moreover, not any other country as officially admitted that. Based on the previous argument, for war to happen it has to be public. The case of Stuxnet or its similar computer programs does not therefore prove the case of cyberwar.

Moreover, if war is seen as a repeated series of contests and battles, pursued for a common cause and reason (for example, to change the behavior of the adversary), then there should be more attacks than just one. Nothing seems to preclude that one state may attempt launching a series of cyberattacks against an enemy in the future, which consequently be named a war. However, the adversary should be able to respond to the attacks.

Another view argues that the just war tradition[2] can accommodate cyberwar; however there are also some questions to take into consideration. In cyberwar, a cyber tool is just means which is used by military or the government to achieve a certain goal. This fits the just war tradition very well, because the just war tradition does not say much about means used in war. It is more focused on effects and intentions (See Stanford Encyclopedia of Philosophy Online).

The example of cyberweapons and the debate around them prove that they are discussed in the same way as any other evolving technology. If agents, effects, and intentions are identified, cyberwar should supposedly apply to the just war tradition similarly to any other types of war. However, cyber means has unique characteristics: ubiquity, uncontrollability of cyberspace and its growing importance in everyday life. These characteristics make cyberwar more dangerous, and therefore it increases the threat in relation to cyberwar.

Another useful concept of war to which cyber is being applied is the concept of war by the Prussian general Carl von Clausewitz. It presents the trinity of war: violence, instrumental role, and political nature (Clausewitz, 1832). Any offensive action which is considered as an act of war has to meet all three elements.

Firstly, any war is violent where the use of force compels the opponent to do the will of the attacker (Ibid., 1). It is lethal and has casualties. Secondly, an act of war has a goal which may be achieved in the end of the war (or failed to achieve in case the attacker is defeated). The end of war, in this sense, happens when the opponent surrenders or cannot sustain any more damage. The third element represents political character. As Clausewitz puts it, “war is a mere continuation of politics by other means” (Ibid., p. 29). A state has a will that it wants to enforce on another (or other) states through the use of force.  When applying this model to cyber, there are some complications.

Cyber activities may be effective without violence and do not need to be instrumental to work. According to Rid, even if they have any political motivation, they are likely to be interested in avoiding attribution for some period of time. That is why, he highlights, cybercrime has been thriving and was more successful that acts of war (Rid, 2012, p.16).  However, in all three aspects, the use of force is essential.

In the case of war, the damage is inflicted through the use of force. It may be a bomb, dropped on the city; or a drone-strike that destroys its target. In any case, the use of force is followed by casualties: buildings destroyed, or people killed. However, in cyberspace the situation is different. The actual use of force in cyberspace is a more complicated notion.

[1] International Atomic Energy Agency (2010). IAEA statement on Iranian Enrichment Announcement. [online] Available at: https://www.iaea.org/newscenter/pressreleases/iaea-statement-iranian-enrichment-announcement [Accessed on 28.12.2017].

[2] Jus bellum iustum (Lat.) – sometimes referred both as “just war tradition” and “just war theory”. Just war theory explains justifications for how and why wars are fought. The historical approach is concerned with historical rules or agreements applied to different wars (e.g. Hague convention). The theory deals with the military ethics and describes the forms that a war may take.  Ethics is divided into two groups: jus ad bellum (the right to go to war) and jus in bello (right conduct of war). (See Stanford Encyclopedia of Philosophy Online). In the text Cook applies cyberwar to the just war tradition, rather than theory. In his belief, “tradition” describes something which evolves as the product of culture (In Ohlin, Govern and Finkelstein, 2015, p. 16).

Use your ← → (arrow) keys to browse

Specialist in global security and nuclear disarmament. Excited about international relations, curious about cognitive, psycho- & neuro-linguistics. A complete traveller.

Continue Reading
Comments

Technology

The Impact of Blockchain For Businesses

Published

on

Blockchain

Throughout the years, the concept of blockchain technology has gradually overtaken the business world. But no longer is it only being associated with cryptocurrency. Now it’s finding its way into other industries such as eCommerce and logistics management. 

Helping to digitize businesses, it’s a popular technology due to its ability to solve challenges such as security breaches. But that’s not the only benefit that comes with investing in blockchain technology. If your business is interested in investing in enterprise software development and in blockchain in particular, then the following information can prove to be invaluable. 

What is it?

Before getting into the advantages, it’s important to first understand exactly what blockchain is. Arguably one of the most disruptive technologies, it’s something that should no longer be ignored. To put it simply, blockchain is a collection of digital technology information which is stored within a database.  This will typically include:

  • Information about certain customer transactions including key data such as the time, monetary amount, date and more. 
  • Information about exactly who is buying your products or services. Revealing shopping behaviors, it’s stored with a digital signature rather than a specific name. 
  • Unique blocks of information – which can easily be distinguished from one another. For example, if one customer buys one item and then in the future buys a different one, they will be in different blocks.

What Are The Benefits?

  1. An Increased Level of Efficiency

One of the most important benefits that come with implementing blockchain technology within your business is the elevated level of efficiency it can provide. Removing the need for a third-party due to its more decentralized design, it will make your operating processes far more streamlined. 

With blockchain technology, you can step away from the more traditional, time-consuming processes that were rife with human error and automate them. Ensuring that they are completed more quickly and accurately, you can spend the time that you saved on other areas of your business. 

As well as making the overall process more streamlined and convenient, it allows for everyone to access the same information at one time – making financial record-keeping more trustworthy in the long term. 

One industry that could particularly benefit from faster payments and transactions is the real estate market. With a simpler system of ownership records, it will make the process of selling properties far easier. It will also open up the possibility of automating agreements between tenants and landlords, which will similarly speed up the process. 

  1. Greater Transparency Overall

A notable characteristic that blockchain has is its ability to be transparent. As the technology is a type of a transaction or distributed ledger, it allows those within a network to share all of the same documentation instead of individual copies. 

By making this open to viewing, it directly adds a remarkable layer of accountability, giving each sector within the business the responsibility to act correctly towards the company’s growth and its customers. The fact that each document can only be updated through the agreement of all participants also ensures that no illegitimate changes can be made. More consistent, transparent and accurate, the staff will perform better together in the long run.

  1. An Increased Level of Security 

As aforementioned, an increased level of security is one of the key benefits that come with blockchain technology. Far more secure than the more traditional record-keeping systems, it will ensure that each transaction that’s made is heavily encrypted and linked to the last transaction. But how does it do this?

Without getting too technical, blockchain technology is created with several ‘blocks’ which are formed by a computer network. Once created, they are added to a ledger which fuses a chain of information. As it is such a complex technology that exists across several serves rather than one (as most traditional technologies are), it’s one of the most protected from breaches. 

This level of security is particularly important for businesses that store sensitive customer data such as – healthcare, within the government and in financial services. 

  1. Reduced Costs

For many businesses, it’s important to cut costs where you can. And with blockchain technology, you can do exactly that. Although the initial investment might seem expensive, the benefits that come with it make it more than worth it for many businesses. As mentioned above, it removes the need for third parties. And because of this, you can work directly with your clients and customers.

This will, in turn, help to reduce your overall costs. With this new automated technology, you also no longer have to review information separately. Helping to save time and therefore save money. You can then reinvest the money that you’ve saved by not having to deal with third parties in other aspects of your business – such as marketing or IT.

  1. Enhanced Traceability 

Traceability is key within many businesses – as without it, you can’t identify transactions. With blockchain technology, you can reap the benefits that come with an enhanced level of traceability. For example, every time that someone purchases a product from your business, it will create a digital audit trail which is recorded within the blockchain. Showcasing who and when they were bought, it can easily be traced if need be.

Helping to prevent fraud (if you have a business that’s involved in exchange), verify the authenticity and improve security, it’s an essential addition for many. In particular, this heightened level of traceability can be ideal if your business traditionally deals with products which are traded through a very complex supply chain – such as within medicine. Tracking exactly who manufactured and distributed each item, it will be easier to recall products if need be.

Final Thoughts

The impact that blockchain technology can have within a business is clear. A type of technology that is ever-developing and growing in popularity, it’s something that’s here to stay. Of course, before you invest in the technology, it’s vital that you thoroughly research the pros and cons and how it could directly affect your business’ operations.

Prev postNext post
Use your ← → (arrow) keys to browse

Continue Reading

Technology

Inside the New WhatsApp Buffer Overflow Vulnerability

Published

on

Whatsapp

Facebook’s WhatsApp mobile app has had a rough time lately with regard to software vulnerabilities. In November 2019, the social media company quietly issued a security patch for a buffer overflow vulnerability contained in their messaging application.

However, the vulnerability disclosed in November 2019 is not the only recent vulnerability discovered and patched in the secure messaging application. Earlier in 2019, another buffer overflow vulnerability was discovered and patched by the company. Both of these vulnerabilities are rated as “severe” due to the fact that an attacker exploiting them can run malicious code on the target device.

To make things worse, the vulnerabilities in WhatsApp can be exploited by an unauthenticated attacker. These vulnerabilities were discovered in functions that process data sent by another WhatsApp user to the target. By taking a simple action – initiating a WhatsApp call or sending an MP4 video to the target – an attacker can trigger the vulnerability, giving them control over the device. These vulnerabilities can then be exploited to place spyware on the victim’s device and to view the user’s messaging history within the app.

A Brief History of WhatsApp Security

The recent WhatsApp vulnerability is not the first buffer overflow contained within the mobile app. In May 2019, a different buffer overflow vulnerability was discovered in how WhatsApp processed the data contained within an incoming call.

This vulnerability was created because WhatsApp uses a special binary format for sending data between devices and then unpacks this data at the recipient device. If an attacker sent a specially formatted packet, which lied about the length of a certain field, the recipient’s WhatsApp would unpack the data into a place on the stack that did not have sufficient space for it. As a result, the attacker would have the ability to write to memory that should have been outside of their control. This vulnerability was concerning since it allowed remote code execution on a target device without any user interaction required. The malicious packet was sent as part of initiating a call, so, even if the user rejected the call, the damage was already done.

This past WhatsApp vulnerability has been the source of significant controversy. While Facebook was in the process of patching the vulnerability, they observed someone trying to exploit it on the device of a UK-based human rights lawyer. Additional investigation pointed to the use of the vulnerability to spy upon individuals who would be of interest to certain governments.

The Israeli-based NSO Group is well known for developing and selling exploits to governments for use in surveillance activities that fall outside the scope of law enforcement activities. This, and the fact that the observed attack used infrastructure previously linked to the NSO Group, has led Facebook to believe that the company was beyond the exploitation of the WhatsApp vulnerability. As a result, Facebook has begun a lawsuit against the NSO Group for exploitation of a vulnerability in one of their products.

The Newest WhatsApp Vulnerability

The buffer overflow vulnerability disclosed in May was not the last such vulnerability in the WhatsApp platform. In November 2019, Facebook patched another vulnerability in WhatsApp that was similar in scope, severity, and potential impact.

This vulnerability dealt with how WhatsApp handled MP4 video files. Along with a video file comes a stream of metadata containing details about the file. When parsing this metadata, WhatsApp is vulnerable to a stack-based buffer overflow attack. This would allow the attacker to perform a Denial of Service attack (crashing the app) or to run attacker-controlled code on the app that could give access to previous conversations that the user has performed on the app. Exploitation of the vulnerability only requires an attacker to know the phone number of the victim and to send them a malicious MP4 video via WhatsApp.

Luckily, while the new vulnerability had the potential to be at least as damaging as the previous buffer overflow flaw, it appears that this one was not being actively exploited by attackers prior to being patched by Facebook. However, this demonstrates the importance of keeping such applications up-to-date (so that Facebook-provided security patches are applied) and to consider the risks associated with using these applications for personal communications.

Protecting Against Buffer Overflow Vulnerabilities

Buffer overflow vulnerabilities are nothing new. They are extremely simple vulnerabilities – only involving a failure to properly manage memory and user input – yet they can be extremely difficult to detect. A wide range of buffer overflow vulnerabilities exist, and sometimes apparently “safe” code can be vulnerable since another vulnerability can be exploited to bypass existing protections against buffer overflows.

The two major WhatsApp vulnerabilities disclosed and patched in 2019 demonstrate the potential impact of a buffer overflow vulnerability in a critical application. Both of these vulnerabilities could be exploited without user interaction, and enabled an attacker to run malicious code within the victim application. In one case, the vulnerability was exploited multiple times to spy upon parties of interest to various governments, leading to a lawsuit by Facebook against the suspected perpetrator.

Protecting against buffer overflow vulnerabilities requires the ability to identify and block potential exploits before they reach a vulnerable application. Deploying a strong web application firewall (WAF) to protect an organization’s web presence and runtime application self-protection (RASP) for critical or potentially vulnerable assets is an important first step toward protecting an organization and its software assets against exploitation.

Use your ← → (arrow) keys to browse

Continue Reading

Technology

3 2020 Developments That Could Make Your Life Easier

Published

on

There are many systems under development right now that could eventually make your life easier – but below, we’re going to look at 3 of them. We could be using these developments a lot sooner than you think! 

5G

Why do we need 5G when we have 4G – 4G is fast enough, right? People are worried about the health implications, but everybody seems willing to look past that to get more speed. More speed could really help businesses. Also, while 5G is generally operating from the same infrastructure as before, mass adoption will cause issues for data centers. This could make the situation both better and worse in some respects. 

Virtual Reality 

Virtual reality is already being used by many people, but it could actually be put to good use soon. When it comes to simple things like shopping, you could make your life so much easier and more enjoyable. Whether you’re shopping for furniture or clothes, virtual reality could mean checking out the fit easily. Try on clothes in the comfort of your home without even ordering them first. See what a sofa looks like before you buy. The options are endless! 

Artificial Intelligence 

We’re still going to need human intelligence, but AI can have a huge impact in our personal and working lives. In work alone it could mean enhanced automation with no need to do tedious tasks. Then, there’s next gen disaster response. It’s the technology of the future!

With these developments in mind, what are some of the most important developments in human history? Check out the infographic to find out!


check out an infographic about human history
Use your ← → (arrow) keys to browse

Continue Reading

Trending